  #21  
Old 19-01-18, 17:05
Cantrel Cantrel is offline
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 9,632
Default Re: whats starting up in the background

That is the Volume Shadow Copy Service - are you able to create restore points?

Can you click on that Event ID then on Copy/Copy details as text in the lower right pane - right click in the reply box and select Paste to see what it says.
Reply With Quote
  #22  
Old 20-01-18, 11:51
kevinf80's Avatar
kevinf80 kevinf80 is offline
Global Moderator
 
Join Date: Feb 2008
Location: Sunderland.UK.
Posts: 2,934
Default Re: whats starting up in the background

Hello alex2527,

You mention earlier in your thread about Malwarebytes removing entries from your system, can you post that log:

To get the log from Malwarebytes do the following:
  • Click on the Reports tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:

    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

  • Use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

Next,

Please download VEW by Vino Rosso from HERE and save it to your Desktop.
  • Double-click VEW.exe to start; Vista and Windows 7/8 users right click and select "Run as Administrator".
  • Under 'Select log to query...', check the boxes for both Application and System.
  • Under 'Select type to list...', select both Error and Critical.
  • Click the radio button for 'Number of events...' and type 15 in the 1 to 20 box.
  • Then click the Run button.
  • Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.

Please post the Output log in your next reply.

Thanks,

Kevin...
Reply With Quote
  #23  
Old 01-02-18, 17:13
alex2527 alex2527 is offline
Established member
 
Join Date: Feb 2008
Posts: 182
Default Re: whats starting up in the background

In the Event Viewer at the time the bug appeared today the error shown was 'CDr4_xp failed to load' and I see that on looking back this error has been coming up every day, probably just after start-ups. Alex
Reply With Quote
  #24  
Old 01-02-18, 17:33
Cantrel Cantrel is offline
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 9,632
Default Re: whats starting up in the background

That loads various applications and probably relates to what you have reported about MBAM.

Post the log that Kevin has asked for as it could be a false positive on the part of MBAM.
Reply With Quote
  #25  
Old 03-02-18, 14:40
alex2527 alex2527 is offline
Established member
 
Join Date: Feb 2008
Posts: 182
Default Re: whats starting up in the background

Hi Kevin, This is what I get;

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/02/2018 14:32:59

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/02/2018 17:24:18
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4b6b3534-c25a-44ff-8b26-91bc05185177}

Log: 'Application' Date/Time: 30/01/2018 23:16:11
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {51e64cf0-0a6e-47cd-a7f7-e3c9ee01df6e}

Log: 'Application' Date/Time: 28/01/2018 17:42:39
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2ed83f8a-ebf6-4e1a-9063-95b5ca9664fd}

Log: 'Application' Date/Time: 20/01/2018 22:01:34
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706be, The remote procedure call failed. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
BackupComplete Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d48ccba1-d647-442a-a5c7-7d0ec9399206}

Log: 'Application' Date/Time: 19/01/2018 23:11:59
Type: Error Category: 3
Event: 454 Source: ESENT
DllHost (4408) WebCacheLocal: Database recovery/restore failed with unexpected error -501.

Log: 'Application' Date/Time: 19/01/2018 23:11:59
Type: Error Category: 3
Event: 465 Source: ESENT
DllHost (4408) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\Alex\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 393 (0x00000189). This logfile has been damaged and is unusable.

Log: 'Application' Date/Time: 19/01/2018 23:11:59
Type: Error Category: 3
Event: 465 Source: ESENT
DllHost (4408) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\Alex\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 393 (0x00000189). This logfile has been damaged and is unusable.

Log: 'Application' Date/Time: 19/01/2018 23:11:59
Type: Error Category: 3
Event: 465 Source: ESENT
DllHost (4408) WebCacheLocal: Corruption was detected during soft recovery in logfile C:\Users\Alex\AppData\Local\Microsoft\Windows\WebCache\V01.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector 393 (0x00000189). This logfile has been damaged and is unusable.

Log: 'Application' Date/Time: 19/01/2018 16:42:35
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {9009ac4e-8275-43df-b481-d4051751098b}

Log: 'Application' Date/Time: 19/01/2018 15:04:44
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable. . This is often caused by incorrect security settings in either the writer or requestor process.

Log: 'Application' Date/Time: 19/01/2018 15:04:44
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
PrepareForSnapshot Event

Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {b424788e-ca05-420c-8103-c12533814ecf}

Log: 'Application' Date/Time: 19/01/2018 15:04:44
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
PrepareForSnapshot Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {0e90e5a8-c54a-41f7-b80d-cff2e680e1c1}

Log: 'Application' Date/Time: 19/01/2018 15:04:44
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable. . This is often caused by incorrect security settings in either the writer or requestor process.

Log: 'Application' Date/Time: 19/01/2018 15:04:44
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable. . This is often caused by incorrect security settings in either the writer or requestor process.

Log: 'Application' Date/Time: 19/01/2018 15:04:44
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
PrepareForSnapshot Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {56c703a7-3823-461f-82c2-5e7370f07edd}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/01/2018 18:51:00
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 20/12/2017 10:12:19
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/12/2017 15:43:44
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/11/2017 17:51:14
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 30/10/2017 11:52:43
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/10/2017 10:00:16
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/10/2017 15:33:16
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/10/2017 13:30:45
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/09/2017 13:46:33
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/09/2017 12:41:32
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 27/08/2017 15:50:27
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/08/2017 14:37:22
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/02/2018 14:17:01
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdr4_xp

Log: 'System' Date/Time: 02/02/2018 19:23:59
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdr4_xp

Log: 'System' Date/Time: 02/02/2018 19:22:30
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 02/02/2018 19:00:29
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdr4_xp

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdr4_xp

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The media is write protected.

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Distributed Link Tracking Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Remote Desktop Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The TCP/IP Registry Compatibility service failed to start due to the following error: The media is write protected.

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The srvnet service failed to start due to the following error: The media is write protected.

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PEAUTH service failed to start due to the following error: The media is write protected.

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The MSCamSvc service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.

Alex
Reply With Quote
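A report like the one in the post above is easier to triage once repeated events are grouped. The following is an added example, not part of the original posts and not VEW's own code: a Python parser for the report layout shown, which counts events per log/source/ID, collects the `hr` codes, and traces Service Control Manager dependency failures back to the service that failed first. The function names and the embedded sample (assembled in the same layout) are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample assembled for this example in the VEW report layout (dates are dd/mm/yyyy).
SAMPLE_REPORT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/02/2018 17:24:18
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.

Operation:
Gathering Writer Data

Log: 'Application' Date/Time: 19/01/2018 15:04:44
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x800706ba, The RPC server is unavailable.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/02/2018 14:17:01
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Cdr4_xp

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The media is write protected.

Log: 'System' Date/Time: 02/02/2018 18:59:31
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The srvnet service failed to start due to the following error: The media is write protected.
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")
HRESULT = re.compile(r"hr = (0x[0-9a-fA-F]{8})")
DEPENDS = re.compile(r"^The (.+?) service depends on the (.+?) service which failed to start")
FAILED = re.compile(r"^The (.+?) service failed to start due to the following error: (.+)$")

def parse_vew(text):
    """Split a VEW report into event dicts: log, time, id, source, message."""
    events, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("~~~"):  # section rule: the open event is finished
            cur = None
            continue
        m = HEADER.match(line)
        if m:
            cur = {"log": m[1], "message": [],
                   "time": datetime.strptime(m[2], "%d/%m/%Y %H:%M:%S")}
            events.append(cur)
            continue
        if cur is None or not line:
            continue  # report banner, section titles, blank lines
        if "id" not in cur:  # still in the three-line event header
            m = EVENT.match(line)
            if m:
                cur["id"], cur["source"] = int(m[1]), m[2].strip()
            continue
        cur["message"].append(line)
    return [dict(e, message="\n".join(e["message"])) for e in events if "id" in e]

def summarise(events):
    """Group by (log, source, event id); most frequent first."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["log"], e["source"], e["id"])].append(e)
    rows = [{"key": k, "count": len(v),
             "first": min(e["time"] for e in v), "last": max(e["time"] for e in v),
             "hresults": sorted({h.lower() for e in v for h in HRESULT.findall(e["message"])})}
            for k, v in groups.items()]
    return sorted(rows, key=lambda r: (-r["count"], r["key"]))

def service_failure_roots(events):
    """Map each service that failed outright to the services that failed because of it."""
    direct, dependents = {}, defaultdict(set)
    for e in events:
        first = e["message"].split("\n", 1)[0]
        if (m := FAILED.match(first)):
            direct[m[1]] = m[2]
        elif (m := DEPENDS.match(first)):
            dependents[m[2]].add(m[1])
    roots = {}
    for svc, err in direct.items():
        seen, stack = set(), [svc]
        while stack:  # walk the "depends on" edges transitively
            for dep in dependents.get(stack.pop(), ()):
                if dep not in seen:
                    seen.add(dep)
                    stack.append(dep)
        roots[svc] = {"error": err, "dependents": sorted(seen)}
    return roots
```

Services named only as a failed dependency, with no direct failure entry of their own in the report, do not appear as roots; a report capped at 15 events per category can cut such entries off.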
  #26  
Old 03-02-18, 15:55
Cantrel Cantrel is offline
Global Moderator
 
Join Date: Jul 2012
Location: UK
Posts: 9,632
Default Re: whats starting up in the background

Alex - I think Kevin was wanting to see the MBAM log where it had removed certain items and not your Event Viewer log.
Reply With Quote
  #27  
Old 03-02-18, 16:10
alex2527 alex2527 is offline
Established member
 
Join Date: Feb 2008
Posts: 182
Default Re: whats starting up in the background

Hi Cantrel, he asked for both actually, I think this is the MBAM one

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/26/17
Scan Time: 8:49 PM
Log File: 53770bd2-d2eb-11e7-855b-000bdbc33b34.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3350
License: Expired

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Alex-PC\Alex

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 273731
Threats Detected: 58
Threats Quarantined: 56
Time Elapsed: 15 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 22
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\_locales\en, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\html\popup, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\_metadata, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\js\popup, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\_locales, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\newtab, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\html, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\css, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GNMPMEOILNJBFEDCKPNJKNKAJEOOEBBL, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\_locales\en, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\html\popup, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\_metadata, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\js\popup, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\_locales, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\newtab, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\html, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\css, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IKLMMLOIMGHIKHOMHJIKDDBMKPBGPNKH, Quarantined, [648], [449620],1.0.3350

File: 36
PUP.Optional.Spigot, C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Removal Failed, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Preferences, Replaced, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\GNMPMEOILNJBFEDCKPNJKNKAJEOOEBBL\2.4_0\MANIFEST.JSON, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\css\description.css, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\css\popup.css, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\html\popup\description.html, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\html\popup\popup.html, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\js\popup\popup.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\js\userNewTab.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\newtab\slimemail__newtab.html, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\_locales\en\messages.json, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\_metadata\computed_hashes.json, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\_metadata\verified_contents.json, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\after.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\background.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\chromeRestore.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\contentscript.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnmpmeoilnjbfedckpnjknkajeooebbl\2.4_0\icon.png, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Removal Failed, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Preferences, Replaced, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\USERS\ALEX\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IKLMMLOIMGHIKHOMHJIKDDBMKPBGPNKH\6.3_0\MANIFEST.JSON, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\css\description.css, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\css\popup.css, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\html\popup\description.html, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\html\popup\popup.html, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\js\popup\popup.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\js\userNewTab.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\newtab\slimemail__newtab.html, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\_locales\en\messages.json, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\_metadata\computed_hashes.json, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\_metadata\verified_contents.json, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\after.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\background.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\chromeRestore.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\contentscript.js, Quarantined, [648], [449620],1.0.3350
PUP.Optional.Spigot, C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklmmloimghikhomhjikddbmkpbgpnkh\6.3_0\icon.png, Quarantined, [648], [449620],1.0.3350

Physical Sector: 0
(No malicious items detected)


(end)

Maybe it was an earlier one. Alex
Reply With Quote
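A long Malwarebytes export like the one in the post above is quicker to review when the detections are grouped and anything that was not quarantined is pulled out. The following is an added example, not part of the original posts and not Malwarebytes code: a Python parser for the "-Scan Details-" layout shown, which checks each section's declared count against the lines present, groups detections by Chrome extension ID, and lists items whose action is not "Quarantined". The function names, detection name and extension IDs in the sample are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the layout of the text export above; the detection
# name, rule numbers and extension IDs are placeholders, not values from the thread.
SAMPLE_LOG = r"""-Scan Summary-
Threats Detected: 5
Threats Quarantined: 4

-Scan Details-
Process: 0
(No malicious items detected)

Folder: 2
PUP.Example.Sample, C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop\1.0_0, Quarantined, [1], [2],1.0.1
PUP.Example.Sample, C:\USERS\U\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ABCDEFGHIJKLMNOPABCDEFGHIJ KLMNOP, Quarantined, [1], [2],1.0.1

File: 3
PUP.Example.Sample, C:\USERS\U\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Removal Failed, [1], [2],1.0.1
PUP.Example.Sample, C:\USERS\U\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Preferences, Replaced, [1], [2],1.0.1
PUP.Example.Sample, C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop\1.0_0\background.js, Quarantined, [1], [2],1.0.1

(end)
"""

SECTION = re.compile(r"^([A-Z][A-Za-z ]*): (\d+)$")
# Chrome extension IDs are 32 letters a-p. Forum software may wrap a space
# into long tokens, so spaces are tolerated here and stripped afterwards.
EXT_ID = re.compile(r"\\Extensions\\([a-p ]{32,34})(?:\\|$)", re.IGNORECASE)

def extension_id(path):
    """Return the lower-cased extension ID in a Chrome profile path, or None."""
    m = EXT_ID.search(path)
    if not m:
        return None
    ext = m[1].replace(" ", "").lower()
    return ext if len(ext) == 32 else None

def parse_detections(text):
    """Return ({section: declared count}, [detection rows]) from the details part."""
    in_details, section = False, None
    declared, rows = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details or not line or line.startswith("("):
            continue  # summary header, blanks, "(No malicious items detected)", "(end)"
        m = SECTION.match(line)
        if m:
            section = m[1]
            declared[section] = int(m[2])
            continue
        if section is None or line.count(",") < 5:
            continue  # not a detection line
        name, _, rest = line.partition(",")
        # Split from the right so a comma inside the path cannot shift the fields.
        path, action, _rule, _sig, _ver = (s.strip() for s in rest.rsplit(",", 4))
        rows.append({"section": section, "name": name.strip(), "path": path,
                     "action": action, "ext_id": extension_id(path)})
    return declared, rows

def triage(text):
    """Summarise what needs a second look after the scan."""
    declared, rows = parse_detections(text)
    parsed = Counter(r["section"] for r in rows)
    mismatch = {s: (n, parsed.get(s, 0)) for s, n in declared.items()
                if n != parsed.get(s, 0)}
    by_ext = Counter(r["ext_id"] for r in rows if r["ext_id"])
    # The same file can be listed more than once; de-duplicate case-insensitively.
    leftover = sorted({(r["action"], r["path"].lower()) for r in rows
                       if r["action"] != "Quarantined"})
    return {"count_mismatch": mismatch, "by_extension": dict(by_ext),
            "not_quarantined": leftover}
```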
  #28  
Old 06-02-18, 01:29
Madeline's Avatar
Madeline Madeline is offline
Top contributor
 
Join Date: Jan 2004
Location: Cymru
Posts: 47,817
Default Re: whats starting up in the background

Malwarebytes Labs has this article about the Spigot PUP:

Spigot browser hijackers - Malwarebytes Labs | Malwarebytes Labs
Quote:
There is a large family of Spigot browser hijackers that all have a lot in common. So by giving you a description of them we hope this will help you to avoid any similar and new ones that might come along.
It looks like Malwarebytes has got rid of it for you though!
__________________
"I'm Irish. We think sideways." Spike Milligan. 1918 - 2002
Reply With Quote
  #29  
Old 06-02-18, 08:36
alex2527 alex2527 is offline
Established member
 
Join Date: Feb 2008
Posts: 182
Default Re: whats starting up in the background

Yes but original problem still there. Alex
Reply With Quote
  #30  
Old 06-02-18, 22:30
Madeline's Avatar
Madeline Madeline is offline
Top contributor
 
Join Date: Jan 2004
Location: Cymru
Posts: 47,817
Default Re: whats starting up in the background

It's a bit of a mystery! Have you considered trying a different mouse to see if the problem persists?
__________________
"I'm Irish. We think sideways." Spike Milligan. 1918 - 2002
Reply With Quote